Method and devices for performing security control in electronic message exchanges

ABSTRACT

A method for verifying the security of a message (Msg) transmitted and received in electronic form comprises on the transmitting side the steps of associating with the message a univocal message identifier (IDMsg) and a message owner identity checking identifier (IDCR) which is obtained by applying to the univocal message identifier (IDMsg) an encoding ( 12 ) associated with the owner of the message to be transmitted. On the receiving side the method comprises the steps of verification and signaling of the fact of having or not having already received a message with the same univocal message identifier (IDMsg) associated and ascertaining agreement between the univocal message identifier (IDMsg) associated with the received message and the result (IDDCR) of a decoding of the checking usemame (IDCR). A verification system and device in accordance with the method are also discussed.

The present invention relates to a method and devices for performingsecurity control in electronic message exchanges and in particular formonetary transactions such as those made with credit or debit cards andthe like.

Security problems in the exchange of messages in electronic form andespecially over intrinsically unsafe networks like for example thenetworks making up Internet are known.

Among the various problems there can be listed the possibility thatsomeone might generate messages (in particular, monetary transactionrequests) by falsifying the owner of the message and the possibilitythat actual messages might be duplicated to obtain that a requestcontained in the message be met again.

In the prior art it has been sought to remedy some aspects of theseproblems, for example by introducing systems like the so-called‘electronic signature’ which however allows having reasonable certaintyof the identity of the owner of the message but not of the uniqueness ofthe message.

Known systems are however in general complicated and difficult to applyand/or they generate an overload in the processing and/or transmissionof messages which are not always acceptable and especially in the caseof applications which they produce and must manage a high number ofmessage in relatively short times such as for example with monetarytransactions by credit or debit card and especially if used to pay forgoods or services on internet or in stores having POS terminals or thelike.

The general purpose of the present invention is to remedy the abovementioned shortcomings by making available a method and devices forsecurity verification in the exchange of messages electronically whichwould be fast, easy to apply and intrinsically reliable.

In view of this purpose it was sought to provide in accordance with thepresent invention a method for verifying the security of a messagetransmitted and received in electronic form which on the transmittingside comprises the steps of associating with the message for its latersecurity verification a univocal message identifier and an identifierfor control of the identity of the owner of the message with the controlidentifier being obtained by applying to the univocal message identifieran encoding associated with the owner of the message to be transmitted,and on the receiving side for security verification of a receivedmessage comprises the steps of verification and signaling of the fact ofhaving or not having already received a message with the same univocalidentifier of the associated message, applying a decoding associatedwith a supposed owner of the received message to the checking identifierof the owner associated with the received message, and ascertaining andsignaling the agreement or not between the univocal message identifierassociated with the received message and proven to be said decoding ofthe control username.

Again in accordance with the present invention it was sought to realizea system for safety verification of a message transmitted and receivedin electronic form comprising on the transmitting side a univocalusername generator of a message, and an encoding device receiving themessage username produced by the generator and encoding it in accordancewith a code associated with the owner of the message to be transmittedto obtain therefrom an identifier for checking the identity of themessage owner, and transmission means associating with the message to betransmitted the checking identifier and the univocal message identifierobtained, and on the receiving side comprises for safety verification ofa received message a checking device which verifies and signals that themessage identifier associated with the received message has of has notbeen received previously, and a decoding device which receives the ownerchecking identifier associated with the received message and appliesthereto a decoding associated with a supposed owner of the receivedmessage, and verification means which ascertain and signal the agreementor not of the univocal message identifier with the result of thedecoding of the checking username.

Again in accordance with the present invention it was also sought torealize a device for association of security verification factors with amessage transmitted in electronic form characterized in that itcomprises a univocal message username generator, an encoding devicereceiving the message username produced by the generator and encoding itin accordance with a code associated with the owner of the message to betransmitted to obtain therefrom an identifier for checking the identityof the message owner, and means which associate with the message to betransmitted the checking identifier and the univocal message identifierobtained.

To clarify the explanation of the innovative principles of the presentinvention and its advantages compared with the prior art there isdescribed below with the aid of the annexed drawings a possibleembodiment thereof by way of non-limiting example applying saidprinciples. In the drawings:

FIG. 1 shows a block diagram of a device or part on the transmittingside of a security verification system realized in accordance with thepresent invention,

FIG. 2 shows a block diagram of a device or part on the receiving sideof a security verification system realized in accordance with thepresent invention, and

FIG. 3 shows diagrammatically a possible combination of information inaccordance with the method of the present invention.

With reference to the figures,.FIG 1 shows the part on the transmittingside designated as a whole by reference number 10 of a security systemrealized in accordance with the present invention. This part or device10 comprises a generator 11 for generation of a univocal messageusername (designated by ID_(Msg)) and an encoding device 12 whichreceives the message username IDMsg produced by the generator andencodes it to obtain an encoded version thereof called here identifierIDCR which will be usable as clarified below as the identifier forchecking the identity of the message owner.

The device 10 is associated with a known system 13 (not described hereas it is well known and readily imaginable to those skilled in the art)for production of messages Msg to be transmitted and of which it iswished to ensure the security offered by the present invention. Thesemessages can be conventional electronic messages for management ofmonetary transactions of, for example, a credit or debit card circuit.

The generator 11 is a known generator of single keys. It can be realizedeither as hardware or software, for example the known GUID generator ofMicrosoft. Its main operational principle is based on the randomgeneration of a key or ID sufficiently long to make the probability ofgenerating two identical keys practically zero. For each message to besent, the generator therefore produces an identifier which can berepresented by a sequence of bits, numbers, characters et cetera andwhich is the only one and will never be used again. This ensures that no“twin” keys exist.

The ID of the message (which can also be called LEFT KEY) is surely tobe understood therefore as a key but produced before and thus a new key.

The encoding device 12 encodes the ID_(Msg) so as to obtain a usernameID_(CR) containing the ID_(Msg) in a concealed manner making it possibleif the correct decoding is known to go back to it or at least to arepresentation thereof allowing knowing whether ID_(CR) was reallycreated by correct encoding of ID_(Msg).The ID_(CR) can also be calledRIGHT KEY.

With a message Msg are thus associated the two usernames (unique foreach message) ID_(Msg) and ID_(CR). As clarified below, the formerallows knowledge of the uniqueness of a message while the second allowshaving confirmation of the identity of the owner who produced themessage or to whom it refers. Indeed, encoding of ID_(Msg) in ID_(CR) isdone in accordance with a code which was previously associated with theowner of the message to be transmitted. For example it is advantageousthat the encoding and the following corresponding decoding be realizedas encryption and decryption operations with a key and with a particularkey or algorithm associated with the particular owner of the message. Inparticular, such encryption and decryption can be advantageously of theknown public/private key type in which the encryption is done by theencoding device 12 using the private secret key of the owner who sendsthe message or to whom it refers.

Once the usernames to be associated with the message are obtained theycan be sent to the receiving part of the system through a suitable knowntransmission means, for example internet, dedicated networks, telephonelines et cetera. The transmission means and the paths followed by thevarious usernames and the message can be the same for all or differentfrom each other depending on specific requirements or desires.

ID_(Msg) and ID_(CR) can also be assembled in a single compoundidentifier ID_(T) which can also be called SUPER KEY=LEFT KEY+RIGHT KEY.

If a single transmission means is used, the usernames and the messagecan be assembled in a single total MSG_(T) message. All this is shownclearly in FIG. 3. If desired, this total message can be in turnencrypted in accordance with known techniques.

In one embodiment of the present invention the message is alsoassociated with a username ID_(owner), unique for each possible owner ofthe message to be transmitted. For example, in case of a transaction bycredit card said ID_(owner) can be the card number. This ID_(owner) canbe produced or extracted by means 14, for example a programmedelectronic memory, manual input means or reading means of owner datacontained on a card used in the transaction. This ID_(owner) can also beused to control correct encoding in the encoding device 12.

Known methods of combination of the various parts and possible knowntransmission codifications even dependent on the particular means oftransmission and even desired for implementation of additional securitylevels can be used. All this is readily imaginable to those skilled inthe art and is not further discussed or shown.

FIG. 2 shows the part designated as a whole by reference number 16 ofthe system in accordance with the present invention present on themessage receiving side.

To verify the security of a received message (Msg) (which can beprocessed in accordance with the intended use of the message by anyknown processing system 17, for example a transaction manager notfurther discussed here, said receiving part 16 comprises a controldevice 18 to recognize whether an ID_(Msg) associated with a receivedmessage has not been received previously. For recognition, the device 18manages an archive of previously used IDs 19. Every time an ID_(Msg)arrives the device checks in the archive 19 whether it has already beenmemorized and issues a corresponding ID acceptable or unacceptablesignal 20. If the ID has not been used yet the associated message isconsidered new and the ID is memorized in the archive to prevent futurenew use.

The receiving part 16 also comprises a decoding device 21 which receivesthe control identifier of the owner ID_(CR) associated with the receivedmessage and applies to it a decoding associated with a supposed owner ofthe received message. At outlet from the decoder an identifier ID_(DCR)is thus obtained. The decoding is realized in such a manner that thereis a predetermined agreement between ID_(Msg) and ID_(DCR) if theID_(CR) had been obtained for encoding of the ID_(Msg) by the methodassociated with the message owner.

Verification means 22 receive the ID_(Msg) and ID_(DCR) and ascertainand signal with a signal 23 the existence or not of said predeterminedagreement. If there is agreement the message can be considered asbelonging to its legitimate owner. If both the conditions at the outlets20 and 23 are verified positively the device 16 emits a positiveverification signal 24 and the message Msg associated with the usernamesreceived can be considered acceptable on the basis of the securityverification in accordance with the present invention.

As may be seen again in FIG. 2, the agreement signal 23 can also be sentto the sole ID recognizer 18 so as to inhibit memorization of themessage ID among the IDs already used in case agreement between ID_(Msg)and ID_(CR) is not found. This avoids useless memorization of ‘false’IDs among the IDs already used. The decoding device 21 will usuallyoperate in reverse of the encoding device 12 in such a manner that ifthe encoder 12 obtains a certain ID_(CR) from a specific ID_(Msg) thedecoder will again obtain the same ID_(Msg) starting form the ID_(CR).In this case the agreement verification made by the device 22 will be averification of sameness among received ID_(Msg) and decoded ID_(CR).

If, as mentioned above, the encoder makes a key encryption the decoderwill make a corresponding key decryption. The keys associated with theowners will be memorized in a purposeful key archive 25.

For example if the encryption system chosen is with public/private key,the decoder will perform a decryption as called for by said known systemby using the appropriate key corresponding to the owner associated withthe message. In accordance with one aspect of the present invention, ifon the transmitting side the above mentioned owner identifier(ID_(owner)) is also associated with the message, on the receiving sidethe decoding to be applied can advantageously be selected from among aplurality of possible decodings on the basis of the owner identifierassociated with the received message. Selection of the right key fromthe archive 25 thus becomes much faster since the ID_(owner) is suppliedto the decryption device 21 as a search index for the right key in thekey archive 25.

It is now clear that it is possible to realize a device 10 forassociation of safety verification factors with a message transmitted inelectronic form and a system 10, 16 for a security verification of amessage transmitted and received in electronic form and a method for asecurity verification of a message transmitted and received inelectronic form.

As readily imaginable to those skilled in the art, the practicalrealization can be totally software, totally hardware or mixed.

The device 10 can also be realized in portable form (for example a smartcard) to be supplied for example to a credit card owner who can thusgenerate an ID_(T) or SUPER KEY to be supplied together with the otherdata (amount to be debited thereto, card number et cetera) for paymentby card. These data can be considered the message MSG and if necessaryencrypted in accordance with a known system.

As an alternative the device could be kept at the store where thepurchase is made and the card owner could input therein in a reservedmanner the encoding key for production of the RIGHT KEY part of theSUPER KEY which would thus be generated by the apparatus.

The security of the system in accordance with the present invention isevident from the above description.

The SUPER KEYs are to be considered public as they are transmitted overchannels which are intrinsically unsafe but which conceal within them inprotected mode the univocity of both the message and the owner.

An organization supplying the above mentioned service could supply tothe customer an adequate hardware and/or software support (even directlyintegrated in an ‘intelligent’ credit card) and by means of this supportthe customer would be able to send the SUPER. KEY generated througheither a private or a public position. The SUPER KEY can cover (in theexample of the monetary transaction) the same steps covered by theinformation of the normal credit or debit card. The SUPER KEY once usedis recorded in the database of the organization and thus becomesinactive. Whoever tried to reuse it would nullify the request andinterception of the SUPER KEY is thus useless. The SUPER KEY can also beunderstood as ‘single use’ identification.

A dishonest user could refuse to use his own unique key generator butsteal one of the keys already produced by another user and create a twinthereof. The key would however be unusable because each time a usermakes a transaction by using the generator of unique keys, the keygenerated is added to the list present in the organization's database.The database contains the list of all the LEFT KEYs produced over timeand only LEFT KEYs, not RIGHT or SUPER KEYs, and ensures that the keysalready produced are unusable. The predetermined biunivocal agreementbetween the user and the corresponding algorithm or encoding/decodingkey with the corresponding archive of keys and/or algorithms with theorganization ensures the possibility for the organization to reallydistinguish two users and reject counterfeit requests or messages. Sincethe message uniqueness identifier reaches the organization both in clearand encoded form it is impossible to falsify only the message uniquenessidentifier within a SUPER KEY. Naturally the above description of anembodiment applying the innovative principles of the present inventionis given by way of non-limiting example of said principles within thescope of the exclusive right claimed here.

For example the message MSG can be of any known type, even encrypted, tobe decrypted upon arrival in accordance with any known method. Theseoperations can also be performed by the same devices 12, 21 which encodeand decode the message identifier.

The message identifier can also be assembled with the message beforeencoding and the encoding can then be performed on the result of theassembly to have an identifier ID_(CR) incorporated in encrypted form inthe transmitted message to then be decoded and extracted on thereceiving side.

The owner identifier can be a specific identifier assigned by themanager of the service or a unique already existing identifier chosenconventionally. For example in the case of a natural person owner, histaxpayer's code number, driving license number, credit card number etcetera may be used.

1. Method for security verification of a message (Msg) transmitted andreceived in electronic form which: on the transmitting side comprisesthe steps of associating with the message for its subsequent securityverification a univocal message identifier (ID_(Msg)) and an identifier(ID_(CR)) for checking the identity of the message owner with thechecking identifier (ID_(CR)) being obtained by applying to the univocalmessage identifier (ID_(Msg)) a coding associated with the owner of themessage to be transmitted, and on the receiving side for securityverification of a received message (Msg) comprises the steps of:verifying and signaling the fact of having or not having received amessage previously with the same univocal message identifier (ID_(Msg))associated, applying a decoding associated with a supposed owner of thereceived message to the checking identifier of the owner (ID_(CR))associated with the received message, and ascertaining and signaling theagreement or not between the univocal message identifier (ID_(Msg))associated with the received message and the result (ID_(DCR)) of saiddecoding of the checking username (ID_(CR)).
 2. Method in accordancewith claim 1 in which before transmission the univocal messageidentifier (ID_(Msg)) and the identifier (ID_(CR)) for checking theidentity of the message owner are assembled in a unique compoundidentifier (ID_(T)).
 3. Method in accordance with claim 1 in which onthe transmitting side at least the checking identifier (ID_(CR)) isassembled with the message and transmitted therewith.
 4. Method inaccordance with claim 3 in which the assembling takes place by insertingthe message identifier (ID_(Msg)) in the message (Msg) and applying thecoding to the result of the insertion.
 5. Method in accordance withclaim 1 in which on the transmitting side, with the message to betransmitted is also associated an owner identifier (ID_(owner)) and onthe receiving side the decoding to be applied is selected from among aplurality of possible decodings on the basis of the owner identifier(ID_(owner)) associated with the received message.
 6. Method inaccordance with claim 1 in which the coding and decoding are keyedencryption and decryption operations.
 7. Method in accordance with claim3 in which encryption and decryption are the type with public/privatekey.
 8. Method in accordance with claim 1 in which ascertainment of theagreement between univocal message identifier (ID_(Msg)) associated withthe message received and the result of the decoding of the checkingusername (ID_(CR)) consists of verifying the sameness between saidunivocal message identifier (ID_(Msg)) and the result of the decoding ofthe checking username (ID_(CR)).
 9. System for a safety verification ofa message (Msg) transmitted and received in electronic form andcomprising: on the transmitting side: a univocal message usernamegenerator (ID_(Msg)), an encoding device which receives the messageusername (ID_(Msg)) produced by the generator and codifies it inaccordance with a code associated with the owner of the message to betransmitted to obtain therefrom an identifier (ID_(CR)) for checking theidentity of the message owner, transmission means which associate withthe message to be transmitted the checking identifier (ID_(CR)) and theunivocal message identifier (ID_(Msg)) obtained, on the receiving sidefor security verification of a received message (Msg): a control devicewhich verifies and signals that the message identifier (ID_(Msg))associated with the received message has or has not been receivedpreviously, a decoding device which receives the owner checkingidentifier (ID_(CR)) associated with the received message and appliesthereto a decoding associated with a supposed owner of the receivedmessage, verification means which ascertain and signal the agreement ornot of the univocal message identifier (ID_(Msg)) with the result of thedecoding of the checking username (ID_(CR)).
 10. System in accordancewith claim 8 characterized in that the encoding and decoding devices arekeyed encryption and decryption devices.
 11. System in accordance withclaim 9 characterized in that the encryption and decryption devices arethe public/private key type.
 12. Device for association of securityverification factors with a message transmitted in electronic formcharacterized in that it comprises: a univocal message usernamegenerator (ID_(Msg)), an encoding device which receives the messageusername (ID_(Msg)) produced by the generator and encodes it inaccordance with a code associated with the owner of the message to betransmitted to obtain therefrom an identifier (ID_(CR)) for checking theidentity of the message owner, means which associate with the message tobe transmitted the checking identifier (ID_(CR)) and the univocalmessage identifier (ID_(Msg)) obtained.
 13. Device in accordance withclaim 12 characterized in that the encoding device is a keyed encryptiondevice.
 14. Device in accordance with claim 12 characterized in that itissues a compound identifier (ID_(T)) made up of the combination of theunivocal message identifier (ID_(Msg)) and the identifier (ID_(CR)) forchecking the identity of the message owner.